Malware Analysis Tool: retoolkit
Reading Time: 1 Minute
Description
Retoolkit is a Reverse Engineering and Malware Analysis tool developed by the Mentebinaria group. It aims to provide a set of useful utilities for binary analysis and reverse engineering which includes various tools such as disassemblers, debuggers, hex editors, and memory viewers. It supports a wide range of platforms including Windows, Linux, macOS, and even some embedded systems.
The tool is built using Python and C++ and integrates with other popular reverse engineering tools such as IDA Pro and Ghidra. It provides an easy-to-use command-line interface, making it suitable for both beginners and advanced users. It is a comprehensive and flexible reverse engineering tool that can assist analysts in their analysis of binary files, malware, and other security-related tasks.
See Also: So you want to be a hacker?
Offensive Security Courses
How to access the tools
After installing this program, you’ll have two ways to access the tools:
- Double-click the retoolkit icon in the Desktop.
- Right-click on a file, choose Send to ➡ retoolkit. This way the selected file is passed as argument to the desired program.
Trending: OSINT Tool: wholeaked
Trending: Digital Forensics Tool: Email Analyzer
Why do you need it?
You don’t. Obviously, you can download such tools from their own website and install them by yourself in a new VM. But if you download retoolkit, it will probably save you some time. Additionally, the tools come pre-configured so you’ll find things like x64dbg with a few plugins, command-line tools working from any directory, etc. You may like it if you’re setting up a new analysis VM.
Download
The *.iss files you see here are the source code for our setup program built with Inno Setup. To download the real thing, you have to go to the Releases section and download the setup program.
Included tools
Have a look at the wiki for a detailed list.
Is it safe to install it in my environment?
Some included tools are not open source. You should use it exclusively in virtual machines and under your own responsibility.
Clone the repo from here: GitHub Link